This application is based on Japanese Patent Application No. 10-334485, filed Nov. 25, 1998, the contents of which is incorporated herein by reference.
The present invention relates to an encryption apparatus, cryptographic communication system, key recovery system, and storage medium, all of which are characterized by a section for managing encryption and decryption keys used in encryption and decryption processes.
In recent years, data have been encrypted to prevent wire tapping and alteration in communicating data (messages) on an open network.
Encryption keys are used for this data encryption. Users may lose their own keys, or keys may be destroyed due to some reason. An authorized third party must intercept data depending on situations. To cope with these situations, keys must be recovered by any method.
According to the conventional key recovery system, an authentic user for cryptographic communication registers a key recovery process in an actual key recovery agent in advance, and a key recovery field which allows decryption in correspondence with this registration is added to the encrypted data. The encrypted key recovery field is decrypted to recover the corresponding key (e.g., a secret key for communication).
A sender/receiver or an authorized third party transmits a key recovery field to a key recovery agent, as needed, and makes the agent recover a key such as a lost key.
In the conventional key recovery method, however, it is difficult for the key recovery agent to check if the key recovery requester has the authorized right. The key recovery agent may cooperate with a malicious third party to illegally recover the key. The conventional method cannot prevent this illegal recovery.
Assume that the sender and receiver in data communication register different key recovery agents, and particularly in international cryptographic communication. The key recovery field of the sender cannot be recovered by the key recovery agent registered by the receiver or authentic third party. For example, the sender registers a key recovery agent A, and the receiver registers a key recovery agent B. Assume that the receiver does not know the key recovery agent A and that the receiver loses the secret key for cryptographic communication. In this case, the lost public key cannot be recovered even if the key recovery field of the encrypted data is sent to the key recovery agent B. If the sender and receiver have different nationalities, it is not easy for the receiver to know the location of the key recovery agent A. This also applies to the authentic third party.